Pakistan has formally established nine Computer Emergency Response Teams (CERTs) under CERT Rules-2023 as part of ongoing efforts to strengthen national cyber governance and digital security. These teams, including National, Punjab, KP, Balochistan, Sindh, AJK, GB, Telecom, Defense, and Community CERTs, represent the foundational framework for the country’s expanding cyber-response ecosystem. The government is now seeking nominations from additional sectors to broaden this structure, reflecting a commitment to enhance coordination, preparedness, and proactive responses to cyber threats across both public and private domains.
According to the Ministry of IT and Telecommunication, the CERT initiative is part of broader reforms being implemented under the National Cyber Security Policy 2021 (NCSP-2021). This policy operates through the Digital Economy Enhancement Program (DEEP), which incorporates key components such as a Secure Data Exchange Layer, Digital Identity services, and e-Citizen enablement. The initiative emphasizes the strategic alignment of critical infrastructure protection with national digital transformation goals, ensuring that essential services remain secure while enabling efficient governance and public service delivery. A draft National Cyber Security Act is under consultation to provide a legislative framework, while a 14-member CERT Council has been formed to coordinate cybersecurity activities until a central authority is fully established.
The National CERT, operational since 2023-24, has issued guidelines for the designation and protection of Critical Information Infrastructures (CIIs) across various sectors. Under PECA-2016, information systems of NADRA, FBR, and the telecom sector have already been designated as CIIs, with additional sector summaries under review. These protocols include comprehensive protection measures and the application of relevant provisions of cybercrime law to ensure accountability and security. The CERTs are designed to respond to threats in real time, coordinate incident handling, and advise organizations on best practices, strengthening Pakistan’s capacity to manage cyber risks while supporting a resilient digital ecosystem.
By expanding CERT coverage across provinces, federal institutions, and key sectors, Pakistan aims to build a coordinated cybersecurity network capable of addressing emerging threats and vulnerabilities. This effort includes outreach to private industry, community stakeholders, and government entities to foster collaboration and knowledge sharing. Through the combined efforts of operational CERTs, policy frameworks, and regulatory oversight, the country is laying the groundwork for a more secure and responsive digital environment, ensuring that critical infrastructure, citizen data, and national information systems are adequately protected against evolving cyber risks.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
